I have been reading up about this EU cookie law, and have also had in depth conversations with my girlfriend who is a solicitor/lawyer and with colleagues while building websites. While we are now working towards implementing a way to abide by the EU law, I have thought of something which no one really knows the answer to and has caused a few arguments.

It's my understanding that any website in the EU must abide by these cookie laws, which is understandable. However, say if I were to have a .co.uk or .eu domain name pointing to a website which is hosted in America for example, do I still need to abide by the EU laws even though the website is hosted outside of the EU? One person I have asked has said that because the domain name is .co.uk or .eu (a European TLD) then the website is still accountable under EU law. Another person I have asked has said because the actual website is held outside of the EU, it doesn't actually have to bother with this law.

I will say it depends on where the business responsible for the site is based on. A few month ago I run into troubles with a well known Third party advertisement service (not Google) and for you to have an idea the Data Protection Commissioner (Information Commissioner's Office) could not reach them or even demand them to hand over certain information simply because in their T&C they state that any legal proceeding should be carried on the country from where they are based.

They are not required to comply with local or EU laws, but yes they can operate an .ie or in your case an .co.uk domain name, they can even host the site in your country, the thing is where they are based.

There is a massive gap due to the fact that the ones writing these rules don't know how to send an email... Today, a business can be registered in India (due to low tax) have a website hosted in US (good price) and operate a .co.uk domain name (their target audience).

"An organisation based in the UK is likely to be subject to the
requirements of the Regulations even if their website is technically
hosted overseas."

The "based" is too vague and poor, based as in registered business ? Hosted ? Domain name ? Target audience ?

All this without thinking that instead of a .co.uk you can operate a .com that is just targeted for people in the UK.

In my opinion IF you have a .co.uk and you are "based" on the UK (as in living there) you should follow the laws just because is easy to find out who owns the domain name, and maybe where is hosted.

IF the site under a .co.uk, is hosted outside AND they can't find where you are "based" (as in you are not living there) You can avoid to comply with these rules.

The fine can be a maximum of 500,000£ IF you know that you where doing something wrong and the level of the wrong dong was such that was causing distress among your users.

• Monetary penalty notice: a monetary penalty notice requires an
organisation to pay a monetary penalty of an amount determined by the
ICO, up to a maximum of £500,000. This power can be used in the most
serious of cases and if specific criteria are met, if any person has
seriously contravened the Regulations and if the contravention was of
a kind likely to cause substantial damage or substantial distress. In
addition the contravention must either have been deliberate or the
person must have known or ought to have known that there was a risk
that a contravention would occur and failed to take reasonable steps
to prevent it.

In my own experience the website was not accountable because was and I quote "... outside of EU jurisdiction..."

Well if you don't live in the EU or do business in the EU, and unless the country you live in is going to extradite you, it doesn't matter if the EU courts try to fine you...just ignore it (and don't go to Europe).

As I understand the law, it only applies if your business is located in the EU, or of course if your business owns subsidaries in the EU. The only reason Microsoft would have to comply with EU laws is because they have offices and stores and are registered as a corporation in probably all of those countries. If, for instance, your company has one office and it's located in America, there's nothing the EU can do no matter what they say.